- The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) ☒ Responsive to communication(s) filed on 18 June 2004.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 25-30, 45, 54 and 55 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 25-30, 45, 54 and 55 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. ,

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
DETAILED ACTION

1. This action is responsive to communication: amendment filed
18 June 2004 with recognition of a filing date of 19 April 2000.

2. Applicant's election with traverse, Group II (Claims 25-30, 45, 54, and 55). The
traversal is on the grounds that the Office has not shown: proof of a serious burden, or that the
subcombinations have utility other than in the disclosed combination by way of example, or legal
proper test for imposing restriction because the claims are independent and distinct. This is not
found persuasive because the burden is caused by the different methods of providing computer
security and assisting computer security: Group I is directed to a computer security service with
policy builder, which is different from Group II, which is drawn to a data processing system
including a graphic user interface feature. Groups II and I are different from Group III, which is
directed to a digital processing system including authentication of an entity features. Likewise
Group IV is drawn to a digital processing system including a network server, and Group V is drawn to
data processing presentation including structured document format. The independent claims
themselves are evidence that the groups can be used individually. In the independent claims of
Group I and II there is not any dependency for an authentication of an entity. In the independent
claims of Group I and III there is no detailed description of a GUI with grid and labels. Finally,
in the independent claims of Group I, III, IV, and V there is no description of a computer
security system including a graphic user interface.

The requirement is still deemed proper and is therefore made FINAL. 

3. Claims 25-30, 45, 54, and 55 are currently pending in this application. Claims 25, 29, 
and 54 are independent claims. 
Claim Objections

4. Claims 29 and 54 are objected to because of the following informalities: the word
"labelling" is misspelled. Appropriate correction is required.

Claim Rejections - 35 USC § 102

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

6. Claims 25, 26, 27, 29, 54, and 55 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Flint et al. U.S. Patent No. 6,453,419 (hereinafter '419). 

As to independent claim 54, "A method for displaying access policies for a security 
service for a computer network" is taught in '419 col. 2, lines 6-13; 

"the computer network comprising defined users" is shown in '419 col. 3, 
lines 10-13; 

"services and resources" is disclosed in '419 col. 4, lines 14-19; 

"the method comprising the steps of displaying, on a computer display unit, a grid 
having nodes, laid out on a first and on a second axis" is taught in '419 col. 2, lines 51-52 (the 
first and second axis are inherent in a GUI);

"displaying, on the grid, unit user labels corresponding to the user data, each user 
label labelling nodes aligned relative to the first axis of the grid, and" is shown in '419 col. 
5, lines 29-31 (the alignment to first axis is inherent in a GUI); 
"displaying on the grid resource labels corresponding to the services and resources
data, each resource label labelling nodes aligned relative to the second axis of the grid, 
whereby the nodes in the grid correspond to access policies for the defined users and 
defined services and resources for the computer network, corresponding to the user and 
resource labels" is disclosed in '419 col. 6, 
lines 25-37. 

As to dependent claim 55, this claim is directed to a program storage device performing 
the method of claim 54 and is therefore rejected along similar rationale. 

As to independent claim 25, this claim is directed to a graphical user interface of the 
method of independent claim 54 and is therefore rejected along similar rationale. 

As to dependent claim 26, "further comprising a user definition component for 
defining a business relationship tree data structure representing a set of the defined users 
and in which the user labels displayed by the graphical user interface correspond to the 
business relationship tree data structure" is taught in '419 col. 3, lines 31-47. 

As to dependent claim 27, "further comprising a resource definition component for 
defining a resource tree data structure representing a set of the defined services and 
resources and in which the resource labels displayed by the graphical user interface 
correspond to the resource tree data structure" is shown in '419 col. 3, line 61 through col. 4,
line 7.

As to independent claim 29, "A graphical user interface" is disclosed in '419 col. 2, 
lines 51-52; 

"for a security service for a computer network" is taught in '419 col. 2, lines 6-13; 
"the computer network comprising defined users represented by a business
relationship tree data structure" is shown in '419 col. 3, lines 31-47; 

"the computer network further comprising services and resources, represented by a 
resource tree data structure" is disclosed in '419 col. 6, lines 25-37; 

"the graphical user interface comprising display means for displaying a grid 
comprising nodes laid out on a first axis and on a second axis" is shown in '419 col. 2, lines 
51-52 (it is inherent in a GUI to have a first and second axis) 

"user labels corresponding to the users in the business relationship tree data 
structure, each user label labelling nodes aligned relative to the first axis of the grid" is 
disclosed in '419 col. 5, lines 29-31; 

"and resource labels corresponding to the defined services and resources in the 
resource tree data structure, each resource label labelling nodes aligned relative to the 
second axis of the grid, the nodes in the grid corresponding to access policies for the 
defined users and defined services and resources, corresponding to the user and resource 
labels" is taught in '419 col. 6, lines 25-37. 

Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 28, 30, and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
'419 in further view of Wiegel U.S. Patent No. 6,484,261 (hereinafter '261). 
As to dependent claim 28, the following is not taught in '419 "further comprising an
access policy editor for defining the nodes in the grid, the access policy editor comprising 
means for graphically assembling icons representing policy rules to define an access policy 
for a user-specified node" however '261 teaches "The administrator can define a security 
policy once and apply it to a plurality of network devices. To accomplish this, the administrator 
prepares a symbolic policy and saves it persistently using a unique name. The name of the 
policy and an icon representing the policy are displayed in a tree in a pane of a user interface 
generated by the mechanism. The physical network available to the administrator is displayed 
as a separate tree of icons that represent network objects. The administrator moves the mouse 
cursor to the previously defined policy, clicks and holds down a mouse button, and drags the 
icon representing the policy over an icon representing a network object. When the 
administrator releases the mouse button, the policy is applied to the network object. In this 
manner, policies can be dragged and applied to NT domains, users, groups, individual 
machines, or to arbitrary groups of machines residing in defined physical or logical networks" 
in col. 14, lines 36-52. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify a security service for a computer network taught in '419 to include a means 
to graphically design the user interface. One of ordinary skill in the art would have been 
motivated to perform such a modification to customize the display screen and therefore increase 
user flexibility see '261 col. 4, lines 38-44 "There is also a need for a way to construct a 
representation of a network security policy in which the representation is easily correlated with 
the policy. There is a particular need for such a mechanism that does not require the 
administrator to have knowledge about low-level network protocol details and about the
particular network protocols that are used by application programs". 

As to dependent claim 30, "the grid comprising inheriting nodes and defining nodes, 
the defining nodes corresponding to access policies expressly defined by a policy manager, 
the graphical user interface further comprising means for displaying inherited access 
policies for inheriting nodes in the grid by propagating access policies from the defining 
nodes in the grid across the inheriting nodes below the defining nodes in each of the 
business relationship tree data structure and the resource tree data structure" is shown in 
'261 col. 13, lines 37-50 "Thereafter, administrators can reference the network objects in the 
Networks tree 720 when developing security policies. For example, the administrator can 
prepare a security policy that accepts or rejects a data packet depending on whether the 
destination of the packet is the software engineering group 726, the marketing group 728, or one 
of the hosts 730 within a group. Accordingly, the security policies are kept simple because, 
rather than incorporating the network-specific information, the security policies inherit 
knowledge about the network from the Networks tree 720. Further, a security policy may be 
attached to a group of objects rather than only to a single object". 

As to dependent claim 45, this claim is directed to a program storage device performing 
the method of claims 25, 26, and 30; therefore it is rejected along similar rationale. 
Conclusion

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 